Effective today, the Defense Department is requiring that large contractors notify them when certain cyberattacks occur. Previously, large military contractors were not required to notify the government of intrusions.
According to a notice published in the Federal Register, Pentagon contractors must report “cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system.”
The United States government is still smarting from the ongoing effects of the Office of Personnel Management hack earlier this year, where Chinese hackers gained access to the personal data of millions of U.S. government employees and job applicants. This hack appears to have given the Chinese government the ability to detect American spies as a result, leading to the removal of a number of intelligence officers from the American Embassy in Beijing. Reports from the Los Angeles Times indicate that the Chinese and Russian government are cross-referencing data from the OPM attack in order to expose potential spies.
The contractors used by the Defense Department have varying levels of security defenses against hackers. Slashes to Pentagon budgets and general moves toward smaller government by Congress have resulted in many of the previously essential functions of the Defense Department being outsourced to private companies.